tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Egolf <>
Subject Re: How does Tomcat manage Form-based authentication?
Date Fri, 02 Apr 2004 21:35:33 GMT

Malcolm Warren wrote:
> I've tried including the session id, but it creates a new one.
> It's calling a url in another application in the same engine. Can't 
> session info be shared across applications?

No.  Session information cannot be shared between contexts (webapps).
> I've allowed single sign-on in server.xml.
I think single sign-on allows you to share container-based authentication 
between webapps.   In other words, if you've authenticated successfully against 
one webapp, and you've got single sign-on enabled, you're authenticated against 
other webapps within the same container.

> I don't want to merge them into one application, because I may put one 
> of them in another virtual machine.

Maybe you can persist session info that needs to be shared to a backend 
database.  AFAIK, sessions can't cross contexts per the servlet spec.
> On Fri, 2 Apr 2004 10:31:59 +0200, Ralph Einfeldt 
> <> wrote:
>> That information is stored in the session.
>> So your programm has to include the session id
>> that was created by tomcat in the requests (either
>> as cookie or as query parameter)
>>> -----Original Message-----
>>> From: Malcolm Warren []
>>> Sent: Friday, April 02, 2004 10:12 AM
>>> To: Tomcat Users List
>>> Subject: Re: How does Tomcat manage Form-based authentication?
>>> I'm using an old nuts and bolts programme that actually
>>> programmatically sent the "Authorization" header string
>>> for BASIC  authorization, and I'd  like to continue using
>>> this programme, but I have to tell the new FORM
>>> version that I've already signed in, and I don't know how.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

                                Chris Egolf

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message